This blog is a service of Alston & Bird's Privacy & Data Security team and focuses on key data privacy and data security issues.

Category Archives: National Security

In October of last year, we reported that digital rights advocacy group Digital Rights Ireland (“DRI”) had brought an action to annul the EU-U.S. Privacy Shield. DRI filed its challenge before the General Court of the European Union, which is the court of first instance in the EU system with exclusive jurisdiction over challenges to the validity of EU legal acts. Last week, the General Court dismissed DRI’s challenge, meaning that Privacy Shield remains valid and in force.
DRI based its Privacy Shield suit on Article 263 of the Treaty on the Functioning of the European Union (TFEU), [...] Read more

Peter Swire, Elizabeth and Thomas Holder Chair at the Georgia Tech Scheller College of Business and senior counsel at Alston & Bird, has made public his expert testimony from the landmark Irish High Court Case Data Protection Commissioner v. Facebook Ireland Limited & Maximillian Schrems. Under the Irish Court’s rules, Swire was asked to provide an independent opinion on U.S. surveillance law to assist the Court in its decision. Swire’s testimony highlights U.S. systemic remedies, U.S. individual remedies, Foreign Intelligence Surveillance Court oversight, and the broader implications [...] Read more

On May 23, 2017, the Fourth Circuit Court of Appeals issued its opinion on Wikimedia foundation v. NSA/CSS. The Court vacated and remanded the NSA’s previously successful motion to dismiss Wikimedia’s Fourth and First Amendment claims against the NSA’s Upstream surveillance program, while a 2-1 majority upheld the dismissal of the eight other organizations joined as co-plaintiffs. The Court held that Wikimedia’s complaint contained sufficient factual allegations to determine Article III standing and that the District Court misapplied Clapper v. Amnesty International USA’s analysis of [...] Read more

On May 11, 2017, President Trump signed a long-awaited executive order on cybersecurity (the “Order”). The Order directs executive agencies to complete a risk management report based on the NIST Cybersecurity Framework (the “Framework”) and also requires the Department of Homeland Security (DHS) and other agencies to undertake activities in support of effective cybersecurity risk management for operators of critical infrastructure. More generally, the Order directs several agencies to submit reports to the President on a varied set of cybersecurity-related topics. These measures demonstrate [...] Read more

On Friday, May 12, companies in countries across the globe witnessed an unprecedented malware outbreak as ransomware labeled “WannaCry” and “Wanna Decryptor” infected a large range of critical systems. The malware exploits a vulnerability in older versions of Microsoft’s Windows, locks the systems it infects, and threatens to delete files unless a bitcoin ransom is paid.
What happened?
An attacker or group of attackers unleashed a wave of ransomware infections beginning on Friday, May 12. More so than previous attacks, this outbreak resulted in substantial disruption to regular [...] Read more

The Court of Appeals for the State of New York recently rejected Facebook’s appeal of its challenge to bulk search warrants issued pursuant to the Stored Communications Act (SCA) and separately challenged the warrants’ nondisclosure component. The Court affirmed the lower court’s ruling that Facebook could not appeal the rejection of its motion to quash the SCA warrant.
In this case, at the request of the Manhattan District Attorney’s Office, the New York Supreme Court issued 381 warrants directing Facebook to “retrieve, enter, examine, copy, analyze, and . . . search” the targeted [...] Read more

Earlier this year, the Center for Cyber & Homeland Security at the George Washington University (“Center”) announced a new project on active defense against cyber threats. The Center established a high-level task force to examine these issues. The task force included prominent cybersecurity and industry experts, including Alston & Bird partner Michael Zweiback.
The Task Force successfully released its final report in October. It is available here.
The report comes at a time when cyber vulnerabilities have been exploited by hostile state and non-state actors in cyberspace [...] Read more

Last week, President Obama issued a new Presidential Policy Directive (PPD) establishing principles to govern the federal government’s response to cyber incidents, “whether involving government or private sector entities.” Titled “PPD-41,” the document also designates the lead federal agencies for so-called significant cyber incidents and creates an “architecture for coordinating the broader Federal Government response” to significant cyber incidents that is further described in an attached Annex.
PPD-41 defines a cyber incident as:
An event occurring on or conducted through [...] Read more

The Department of Justice has announced the indictment of seven Iranian hackers alleged to work for the Iranian government on charges stemming from a coordinated string of distributed denial of service (“DDoS”) attacks primarily against U.S. financial institutions from 2011 to 2013. One of the hackers is also charged with hacking into the supervisory control and data acquisition (“SCADA”) systems of a dam in Rye, New York, outside of New York City, in 2013. Loretta E. Lynch, the Attorney General of the United States, Preet Bharara, the United States Attorney for the Southern District [...] Read more

The Obama administration will reportedly seek to renegotiate a controversial cybersecurity export control rule required to be implemented into U.S. regulations by the Commerce Department under the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. The Wassenaar Arrangement is based on a multilateral agreement reached by the founding countries in 1995. Each participating state is responsible for implementing export controls based on annually updated control lists of munitions and dual-use goods and technologies (i.e., having both commercial and [...] Read more